Уязвимость CVE-2021-30860: Информация

Описание

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Важность: HIGH (7,8) Вектор: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

      Start including

      10.15

      End excliding

      10.15.7

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

      End excliding

      14.8

      ---

      cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

      End excliding

      7.6.2

      ---

      cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

      End excliding

      11.6

      ---

      cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

      Start including

      13.0

      End excliding

      14.8

      ---

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

      End excliding

      12.5.5

      ---

      Конфигурация 2

      cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*

      End excliding

      4.04

      ---

      Конфигурация 3

      cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*

      End excliding

      22.09.0

      ---